Diffstat (limited to 'src')
-rw-r--r--src/DotNetOpenAuth/Configuration/HostNameElement.cs29
-rw-r--r--src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs65
-rw-r--r--src/DotNetOpenAuth/Configuration/ProviderSection.cs56
-rw-r--r--src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs77
-rw-r--r--src/DotNetOpenAuth/Configuration/RelyingPartySection.cs59
-rw-r--r--src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs95
-rw-r--r--src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs55
-rw-r--r--src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs154
-rw-r--r--src/DotNetOpenAuth/DotNetOpenAuth.csproj9
-rw-r--r--src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs32
-rw-r--r--src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs1
-rw-r--r--src/DotNetOpenAuth/OpenId/SecuritySettings.cs33
12 files changed, 628 insertions, 37 deletions
diff --git a/src/DotNetOpenAuth/Configuration/HostNameElement.cs b/src/DotNetOpenAuth/Configuration/HostNameElement.cs
new file mode 100644
index 0000000..1b8cf04
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/HostNameElement.cs
@@ -0,0 +1,29 @@
+//-----------------------------------------------------------------------
+// <copyright file="HostNameElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+
+ /// <summary>
+ /// Represents the name of a single host or a regex pattern for host names.
+ /// </summary>
+ internal class HostNameElement : ConfigurationElement {
+ /// <summary>
+ /// Gets the name of the @name attribute.
+ /// </summary>
+ private const string NameConfigName = "name";
+
+ /// <summary>
+ /// Gets or sets the name of the host on the white or black list.
+ /// </summary>
+ [ConfigurationProperty(NameConfigName, IsRequired = true)]
+ ////[StringValidator(MinLength = 1)]
+ public string Name {
+ get { return (string)this[NameConfigName]; }
+ set { this[NameConfigName] = value; }
+ }
+ }
+}
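Review bot: With the `StringValidator` on line 49 commented out, `IsRequired = true` only guarantees the attribute is present, so an entry with `name=""` is accepted; in the companion HostNameOrRegexCollection an empty name becomes `new Regex("")`, which matches every host, so a blank entry in a whitelist or blacklist regex list silently turns into a wildcard. If the validator was disabled because it also runs against the empty default value during section initialization (a common reason for dropping `MinLength` validators on string properties), the check can live in `PostDeserialize` instead, e.g. `protected override void PostDeserialize() { base.PostDeserialize(); if (string.IsNullOrEmpty(this.Name)) { throw new ConfigurationErrorsException("A host name or pattern is required."); } }`, which runs on config-file values where the property setter does not. The `<summary>` on `Name` should also say that the same element serves both the literal and the regex lists, so the value's interpretation depends on which collection it sits in.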
diff --git a/src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs b/src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs
new file mode 100644
index 0000000..0fa2fb1
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/HostNameOrRegexCollection.cs
@@ -0,0 +1,65 @@
+//-----------------------------------------------------------------------
+// <copyright file="HostNameOrRegexCollection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Collections.Generic;
+ using System.Configuration;
+ using System.Text.RegularExpressions;
+
+ /// <summary>
+ /// Represents a collection of child elements that describe host names either as literal host names or regex patterns.
+ /// </summary>
+ internal class HostNameOrRegexCollection : ConfigurationElementCollection {
+ /// <summary>
+ /// Initializes a new instance of the <see cref="HostNameOrRegexCollection"/> class.
+ /// </summary>
+ public HostNameOrRegexCollection() {
+ }
+
+ /// <summary>
+ /// Gets all the members of the collection assuming they are all literal host names.
+ /// </summary>
+ internal IEnumerable<string> KeysAsStrings {
+ get {
+ foreach (HostNameElement element in this) {
+ yield return element.Name;
+ }
+ }
+ }
+
+ /// <summary>
+ /// Gets all the members of the collection assuming they are all host names regex patterns.
+ /// </summary>
+ internal IEnumerable<Regex> KeysAsRegexs {
+ get {
+ foreach (HostNameElement element in this) {
+ yield return new Regex(element.Name);
+ }
+ }
+ }
+
+ /// <summary>
+ /// Creates a new child host name element.
+ /// </summary>
+ /// <returns>
+ /// A new <see cref="T:System.Configuration.ConfigurationElement"/>.
+ /// </returns>
+ protected override ConfigurationElement CreateNewElement() {
+ return new HostNameElement();
+ }
+
+ /// <summary>
+ /// Gets the element key for a specified configuration element.
+ /// </summary>
+ /// <param name="element">The <see cref="T:System.Configuration.ConfigurationElement"/> to return the key for.</param>
+ /// <returns>
+ /// An <see cref="T:System.Object"/> that acts as the key for the specified <see cref="T:System.Configuration.ConfigurationElement"/>.
+ /// </returns>
+ protected override object GetElementKey(ConfigurationElement element) {
+ return ((HostNameElement)element).Name;
+ }
+ }
+}
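Review bot: `KeysAsRegexs` on lines 97-103 compiles a fresh `Regex` for every element each time it is enumerated, so a consumer that evaluates the list per request re-parses every pattern per request, and an invalid pattern surfaces only as an `ArgumentException` at first match time rather than when the configuration is loaded. Materializing the patterns once (a lazily built `List<Regex>` field), or validating each pattern in `GetElementKey` by constructing it inside a try/catch that rethrows as `ConfigurationErrorsException`, would fail fast and avoid the per-call cost. The `<summary>` should also say that patterns are used exactly as written with no implicit `^`/`$`, so an operator knows an unanchored `example\.com` also matches any longer host name containing that substring — assuming the consumer, which is outside this diff, matches with `IsMatch`; worth confirming. Since the values tested against these patterns are host names taken from user-supplied identifiers, both the anchoring and the per-call cost are worth stating explicitly.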
diff --git a/src/DotNetOpenAuth/Configuration/ProviderSection.cs b/src/DotNetOpenAuth/Configuration/ProviderSection.cs
new file mode 100644
index 0000000..95b3de7
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/ProviderSection.cs
@@ -0,0 +1,56 @@
+//-----------------------------------------------------------------------
+// <copyright file="ProviderSection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+ using IProviderAssociationStore = DotNetOpenAuth.OpenId.IAssociationStore<DotNetOpenAuth.OpenId.AssociationRelyingPartyType>;
+
+ /// <summary>
+ /// The section in the .config file that allows customization of OpenID Provider behaviors.
+ /// </summary>
+ internal class ProviderSection : ConfigurationSection {
+ /// <summary>
+ /// The name of the security sub-element.
+ /// </summary>
+ private const string SecuritySettingsConfigName = "security";
+
+ /// <summary>
+ /// The name of the custom store sub-element.
+ /// </summary>
+ private const string StoreConfigName = "store";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="ProviderSection"/> class.
+ /// </summary>
+ public ProviderSection() {
+ }
+
+ /// <summary>
+ /// Gets or sets the security settings.
+ /// </summary>
+ [ConfigurationProperty(SecuritySettingsConfigName)]
+ public ProviderSecuritySettingsElement SecuritySettings {
+ get { return (ProviderSecuritySettingsElement)this[SecuritySettingsConfigName] ?? new ProviderSecuritySettingsElement(); }
+ set { this[SecuritySettingsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the association store type.
+ /// </summary>
+ [ConfigurationProperty(StoreConfigName)]
+ public TypeConfigurationElement<IProviderAssociationStore> AssociationStore {
+ get { return (TypeConfigurationElement<IProviderAssociationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IProviderAssociationStore>(); }
+ set { this[StoreConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the configuration element from the .config file.
+ /// </summary>
+ internal static ProviderSection Configuration {
+ get { return (ProviderSection)ConfigurationManager.GetSection("dotNetOpenAuth/openid/provider") ?? new ProviderSection(); }
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs b/src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs
new file mode 100644
index 0000000..eb6c486
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/ProviderSecuritySettingsElement.cs
@@ -0,0 +1,77 @@
+//-----------------------------------------------------------------------
+// <copyright file="ProviderSecuritySettingsElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.Provider;
+
+ /// <summary>
+ /// Represents the .config file element that allows for setting the security policies of the Provider.
+ /// </summary>
+ internal class ProviderSecuritySettingsElement : ConfigurationElement {
+ /// <summary>
+ /// Gets the name of the @protectDownlevelReplayAttacks attribute.
+ /// </summary>
+ private const string ProtectDownlevelReplayAttacksConfigName = "protectDownlevelReplayAttacks";
+
+ /// <summary>
+ /// Gets the name of the @minimumHashBitLength attribute.
+ /// </summary>
+ private const string MinimumHashBitLengthConfigName = "minimumHashBitLength";
+
+ /// <summary>
+ /// Gets the name of the @maximumHashBitLength attribute.
+ /// </summary>
+ private const string MaximumHashBitLengthConfigName = "maximumHashBitLength";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="ProviderSecuritySettingsElement"/> class.
+ /// </summary>
+ public ProviderSecuritySettingsElement() {
+ }
+
+ /// <summary>
+ /// Gets or sets the minimum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)]
+ public int MinimumHashBitLength {
+ get { return (int)this[MinimumHashBitLengthConfigName]; }
+ set { this[MinimumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)]
+ public int MaximumHashBitLength {
+ get { return (int)this[MaximumHashBitLengthConfigName]; }
+ set { this[MaximumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether the Provider should take special care to protect OpenID 1.x relying parties
+ /// against replay attacks.
+ /// </summary>
+ [ConfigurationProperty(ProtectDownlevelReplayAttacksConfigName, DefaultValue = false)]
+ public bool ProtectDownlevelReplayAttacks {
+ get { return (bool)this[ProtectDownlevelReplayAttacksConfigName]; }
+ set { this[ProtectDownlevelReplayAttacksConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file.
+ /// </summary>
+ /// <returns>The newly created security settings object.</returns>
+ public ProviderSecuritySettings CreateSecuritySettings() {
+ ProviderSecuritySettings settings = new ProviderSecuritySettings();
+ settings.MinimumHashBitLength = this.MinimumHashBitLength;
+ settings.MaximumHashBitLength = this.MaximumHashBitLength;
+ settings.ProtectDownlevelReplayAttacks = this.ProtectDownlevelReplayAttacks;
+ return settings;
+ }
+ }
+}
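Review bot: `MaximumHashBitLength` on line 243 defaults to `SecuritySettings.MaximumHashBitLengthRPDefault` (256) even though this element configures the Provider, and the same commit introduces `MaximumHashBitLengthOPDefault` (512) for exactly that purpose; as written, merely declaring a `<security>` element without the attribute caps the OP at 256-bit associations, diverging from the library's own default. Suggest `[ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthOPDefault)]`. Neither this element nor RelyingPartySecuritySettingsElement validates that the two bit lengths are positive or that the minimum does not exceed the maximum, so a config with min > max would presumably reject every association with no load-time diagnostic; an `[IntegerValidator(MinValue = 1)]` on both properties plus a min-vs-max check in `CreateSecuritySettings` that throws `ConfigurationErrorsException` would make the misconfiguration fail at startup.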
diff --git a/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs b/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs
new file mode 100644
index 0000000..d30fb08
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/RelyingPartySection.cs
@@ -0,0 +1,59 @@
+//-----------------------------------------------------------------------
+// <copyright file="RelyingPartySection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System;
+ using System.Configuration;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+ using IRelyingPartyAssociationStore = DotNetOpenAuth.OpenId.IAssociationStore<System.Uri>;
+
+ /// <summary>
+ /// The section in the .config file that allows customization of OpenID Relying Party behaviors.
+ /// </summary>
+ internal class RelyingPartySection : ConfigurationSection {
+ /// <summary>
+ /// The name of the custom store sub-element.
+ /// </summary>
+ private const string StoreConfigName = "store";
+
+ /// <summary>
+ /// Gets the name of the security sub-element.
+ /// </summary>
+ private const string SecuritySettingsConfigName = "security";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RelyingPartySection"/> class.
+ /// </summary>
+ public RelyingPartySection() {
+ }
+
+ /// <summary>
+ /// Gets or sets the security settings.
+ /// </summary>
+ [ConfigurationProperty(SecuritySettingsConfigName)]
+ public RelyingPartySecuritySettingsElement SecuritySettings {
+ get { return (RelyingPartySecuritySettingsElement)this[SecuritySettingsConfigName] ?? new RelyingPartySecuritySettingsElement(); }
+ set { this[SecuritySettingsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the association store type.
+ /// </summary>
+ [ConfigurationProperty(StoreConfigName)]
+ public TypeConfigurationElement<IRelyingPartyAssociationStore> AssociationStore {
+ get { return (TypeConfigurationElement<IRelyingPartyAssociationStore>)this[StoreConfigName] ?? new TypeConfigurationElement<IRelyingPartyAssociationStore>(); }
+ set { this[StoreConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the configuration element from the .config file.
+ /// </summary>
+ internal static RelyingPartySection Configuration {
+ get { return (RelyingPartySection)ConfigurationManager.GetSection("dotNetOpenAuth/openid/relyingParty") ?? new RelyingPartySection(); }
+ }
+ }
+}
diff --git a/src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs b/src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs
new file mode 100644
index 0000000..e5cc747
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/RelyingPartySecuritySettingsElement.cs
@@ -0,0 +1,95 @@
+//-----------------------------------------------------------------------
+// <copyright file="RelyingPartySecuritySettingsElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System.Configuration;
+ using DotNetOpenAuth.OpenId;
+ using DotNetOpenAuth.OpenId.RelyingParty;
+
+ /// <summary>
+ /// Represents the .config file element that allows for setting the security policies of the Relying Party.
+ /// </summary>
+ internal class RelyingPartySecuritySettingsElement : ConfigurationElement {
+ /// <summary>
+ /// Gets the name of the @minimumRequiredOpenIdVersion attribute.
+ /// </summary>
+ private const string MinimumRequiredOpenIdVersionConfigName = "minimumRequiredOpenIdVersion";
+
+ /// <summary>
+ /// Gets the name of the @minimumHashBitLength attribute.
+ /// </summary>
+ private const string MinimumHashBitLengthConfigName = "minimumHashBitLength";
+
+ /// <summary>
+ /// Gets the name of the @maximumHashBitLength attribute.
+ /// </summary>
+ private const string MaximumHashBitLengthConfigName = "maximumHashBitLength";
+
+ /// <summary>
+ /// Gets the name of the @requireSsl attribute.
+ /// </summary>
+ private const string RequireSslConfigName = "requireSsl";
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="RelyingPartySecuritySettingsElement"/> class.
+ /// </summary>
+ public RelyingPartySecuritySettingsElement() {
+ }
+
+ /// <summary>
+ /// Gets or sets a value indicating whether all discovery and authentication should require SSL security.
+ /// </summary>
+ [ConfigurationProperty(RequireSslConfigName, DefaultValue = false)]
+ public bool RequireSsl {
+ get { return (bool)this[RequireSslConfigName]; }
+ set { this[RequireSslConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the minimum OpenID version a Provider is required to support in order for this library to interoperate with it.
+ /// </summary>
+ /// <remarks>
+ /// Although the earliest versions of OpenID are supported, for security reasons it may be desirable to require the
+ /// remote party to support a later version of OpenID.
+ /// </remarks>
+ [ConfigurationProperty(MinimumRequiredOpenIdVersionConfigName, DefaultValue = "V10")]
+ public ProtocolVersion MinimumRequiredOpenIdVersion {
+ get { return (ProtocolVersion)this[MinimumRequiredOpenIdVersionConfigName]; }
+ set { this[MinimumRequiredOpenIdVersionConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the minimum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MinimumHashBitLengthConfigName, DefaultValue = SecuritySettings.MinimumHashBitLengthDefault)]
+ public int MinimumHashBitLength {
+ get { return (int)this[MinimumHashBitLengthConfigName]; }
+ set { this[MinimumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum length of the hash that protects the protocol from hijackers.
+ /// </summary>
+ [ConfigurationProperty(MaximumHashBitLengthConfigName, DefaultValue = SecuritySettings.MaximumHashBitLengthRPDefault)]
+ public int MaximumHashBitLength {
+ get { return (int)this[MaximumHashBitLengthConfigName]; }
+ set { this[MaximumHashBitLengthConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Initializes a programmatically manipulatable bag of these security settings with the settings from the config file.
+ /// </summary>
+ /// <returns>The newly created security settings object.</returns>
+ public RelyingPartySecuritySettings CreateSecuritySettings() {
+ RelyingPartySecuritySettings settings = new RelyingPartySecuritySettings();
+ settings.RequireSsl = this.RequireSsl;
+ settings.MinimumRequiredOpenIdVersion = this.MinimumRequiredOpenIdVersion;
+ settings.MinimumHashBitLength = this.MinimumHashBitLength;
+ settings.MaximumHashBitLength = this.MaximumHashBitLength;
+ return settings;
+ }
+ }
+}
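Review bot: `DefaultValue = "V10"` on line 400 spells the enum member as a string literal, so renaming `ProtocolVersion.V10` would not be caught by the compiler and would only fail at configuration load; `DefaultValue = ProtocolVersion.V10` is accepted as an attribute argument and keeps the default refactor-safe. The `<summary>` on `RequireSsl` could state that `false` mirrors the library's built-in default rather than a deliberate relaxation, since a reader auditing the config schema will otherwise wonder why an SSL requirement is off by default. The bit-length properties here share the missing range validation noted on ProviderSecuritySettingsElement.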
diff --git a/src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs b/src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs
new file mode 100644
index 0000000..a315060
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/TypeConfigurationElement.cs
@@ -0,0 +1,55 @@
+//-----------------------------------------------------------------------
+// <copyright file="TypeConfigurationElement.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System;
+ using System.Configuration;
+
+ /// <summary>
+ /// Represents an element in a .config file that allows the user to provide a @type attribute specifying
+ /// the full type that provides some service used by this library.
+ /// </summary>
+ /// <typeparam name="T">A constraint on the type the user may provide.</typeparam>
+ internal class TypeConfigurationElement<T> : ConfigurationElement {
+ /// <summary>
+ /// The name of the attribute whose value is the full name of the type the user is specifying.
+ /// </summary>
+ private const string CustomTypeConfigName = "type";
+
+ /// <summary>
+ /// Initializes a new instance of the TypeConfigurationElement class.
+ /// </summary>
+ public TypeConfigurationElement() {
+ }
+
+ /// <summary>
+ /// Gets or sets the full name of the type.
+ /// </summary>
+ /// <value>The full name of the type, such as: "ConsumerPortal.Code.CustomStore, ConsumerPortal".</value>
+ [ConfigurationProperty(CustomTypeConfigName)]
+ ////[SubclassTypeValidator(typeof(T))] // this attribute is broken in .NET, I think.
+ public string TypeName {
+ get { return (string)this[CustomTypeConfigName]; }
+ set { this[CustomTypeConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the type described in the .config file.
+ /// </summary>
+ public Type CustomType {
+ get { return string.IsNullOrEmpty(this.TypeName) ? null : Type.GetType(this.TypeName); }
+ }
+
+ /// <summary>
+ /// Creates an instance of the type described in the .config file.
+ /// </summary>
+ /// <param name="defaultValue">The value to return if no type is given in the .config file.</param>
+ /// <returns>The newly instantiated type.</returns>
+ public T CreateInstance(T defaultValue) {
+ return this.CustomType != null ? (T)Activator.CreateInstance(this.CustomType) : defaultValue;
+ }
+ }
+}
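Review bot: `CustomType` on line 486 calls `Type.GetType(this.TypeName)` without `throwOnError`, so a misspelled or missing type silently yields `null` and `CreateInstance` falls back to `defaultValue`; an operator who configured a custom association store would get the built-in one with no diagnostic, a silent downgrade that a security-sensitive setting should not allow. `CreateInstance` on line 495 also casts to `T` without checking assignability (the `SubclassTypeValidator` on line 476 is commented out), so a type that does not implement `T` fails with an `InvalidCastException` instead of a configuration error. Suggest resolving with `throwOnError: true` and checking `typeof(T).IsAssignableFrom` before activating, as below; the `<summary>` on `CustomType` should then say it throws for unresolvable names.
```csharp
public Type CustomType {
	get { return string.IsNullOrEmpty(this.TypeName) ? null : Type.GetType(this.TypeName, true /* throwOnError */); }
}

public T CreateInstance(T defaultValue) {
	Type customType = this.CustomType;
	if (customType == null) {
		return defaultValue;
	}

	// Fail at configuration time rather than with an InvalidCastException at first use.
	if (!typeof(T).IsAssignableFrom(customType)) {
		throw new ConfigurationErrorsException(
			string.Format("The type '{0}' does not implement '{1}'.", customType.FullName, typeof(T).FullName));
	}

	return (T)Activator.CreateInstance(customType);
}
```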
diff --git a/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs b/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs
new file mode 100644
index 0000000..06a670f
--- /dev/null
+++ b/src/DotNetOpenAuth/Configuration/UntrustedWebRequestSection.cs
@@ -0,0 +1,154 @@
+//-----------------------------------------------------------------------
+// <copyright file="UntrustedWebRequestSection.cs" company="Andrew Arnott">
+// Copyright (c) Andrew Arnott. All rights reserved.
+// </copyright>
+//-----------------------------------------------------------------------
+
+namespace DotNetOpenAuth.Configuration {
+ using System;
+ using System.Configuration;
+
+ /// <summary>
+ /// Represents the section of a .config file where security policies regarding web requests
+ /// to user-provided, untrusted servers is controlled.
+ /// </summary>
+ internal class UntrustedWebRequestSection : ConfigurationSection {
+ #region Attribute names
+
+ /// <summary>
+ /// Gets the name of the @timeout attribute.
+ /// </summary>
+ private const string TimeoutConfigName = "timeout";
+
+ /// <summary>
+ /// Gets the name of the @readWriteTimeout attribute.
+ /// </summary>
+ private const string ReadWriteTimeoutConfigName = "readWriteTimeout";
+
+ /// <summary>
+ /// Gets the name of the @maximumBytesToRead attribute.
+ /// </summary>
+ private const string MaximumBytesToReadConfigName = "maximumBytesToRead";
+
+ /// <summary>
+ /// Gets the name of the @maximumRedirections attribute.
+ /// </summary>
+ private const string MaximumRedirectionsConfigName = "maximumRedirections";
+
+ /// <summary>
+ /// Gets the name of the @whitelistHosts attribute.
+ /// </summary>
+ private const string WhitelistHostsConfigName = "whitelistHosts";
+
+ /// <summary>
+ /// Gets the name of the @whitelistHostsRegex attribute.
+ /// </summary>
+ private const string WhitelistHostsRegexConfigName = "whitelistHostsRegex";
+
+ /// <summary>
+ /// Gets the name of the @blacklistHosts attribute.
+ /// </summary>
+ private const string BlacklistHostsConfigName = "blacklistHosts";
+
+ /// <summary>
+ /// Gets the name of the @blacklistHostsRegex attribute.
+ /// </summary>
+ private const string BlacklistHostsRegexConfigName = "blacklistHostsRegex";
+
+ #endregion
+
+ /// <summary>
+ /// Initializes a new instance of the <see cref="UntrustedWebRequestSection"/> class.
+ /// </summary>
+ public UntrustedWebRequestSection() {
+ SectionInformation.AllowLocation = false;
+ }
+
+ /// <summary>
+ /// Gets or sets the read/write timeout after which an HTTP request will fail.
+ /// </summary>
+ [ConfigurationProperty(ReadWriteTimeoutConfigName, DefaultValue = "00:00:00.800")]
+ [PositiveTimeSpanValidator]
+ public TimeSpan ReadWriteTimeout {
+ get { return (TimeSpan)this[ReadWriteTimeoutConfigName]; }
+ set { this[ReadWriteTimeoutConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the timeout after which an HTTP request will fail.
+ /// </summary>
+ [ConfigurationProperty(TimeoutConfigName, DefaultValue = "00:00:10")]
+ [PositiveTimeSpanValidator]
+ public TimeSpan Timeout {
+ get { return (TimeSpan)this[TimeoutConfigName]; }
+ set { this[TimeoutConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum bytes to read from an untrusted web server.
+ /// </summary>
+ [ConfigurationProperty(MaximumBytesToReadConfigName, DefaultValue = 1024 * 1024)]
+ [IntegerValidator(MinValue = 2048)]
+ public int MaximumBytesToRead {
+ get { return (int)this[MaximumBytesToReadConfigName]; }
+ set { this[MaximumBytesToReadConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the maximum redirections that will be followed before an HTTP request fails.
+ /// </summary>
+ [ConfigurationProperty(MaximumRedirectionsConfigName, DefaultValue = 10)]
+ [IntegerValidator(MinValue = 0)]
+ public int MaximumRedirections {
+ get { return (int)this[MaximumRedirectionsConfigName]; }
+ set { this[MaximumRedirectionsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of hosts on the whitelist.
+ /// </summary>
+ [ConfigurationProperty(WhitelistHostsConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection WhitelistHosts {
+ get { return (HostNameOrRegexCollection)this[WhitelistHostsConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[WhitelistHostsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of hosts on the blacklist.
+ /// </summary>
+ [ConfigurationProperty(BlacklistHostsConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection BlacklistHosts {
+ get { return (HostNameOrRegexCollection)this[BlacklistHostsConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[BlacklistHostsConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of regular expressions that describe hosts on the whitelist.
+ /// </summary>
+ [ConfigurationProperty(WhitelistHostsRegexConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection WhitelistHostsRegex {
+ get { return (HostNameOrRegexCollection)this[WhitelistHostsRegexConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[WhitelistHostsRegexConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets or sets the collection of regular expressions that describe hosts on the blacklist.
+ /// </summary>
+ [ConfigurationProperty(BlacklistHostsRegexConfigName, IsDefaultCollection = false)]
+ [ConfigurationCollection(typeof(HostNameOrRegexCollection))]
+ public HostNameOrRegexCollection BlacklistHostsRegex {
+ get { return (HostNameOrRegexCollection)this[BlacklistHostsRegexConfigName] ?? new HostNameOrRegexCollection(); }
+ set { this[BlacklistHostsRegexConfigName] = value; }
+ }
+
+ /// <summary>
+ /// Gets the configuration element from the .config file.
+ /// </summary>
+ internal static UntrustedWebRequestSection Configuration {
+ get { return (UntrustedWebRequestSection)ConfigurationManager.GetSection("dotNetOpenAuth/messaging/untrustedWebRequest") ?? new UntrustedWebRequestSection(); }
+ }
+ }
+}
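Review bot: The four host-list properties on lines 611-649 do not document how they combine, and the consumer is outside this diff: whether a host on both the blacklist and the whitelist is blocked or allowed, whether an empty whitelist means "no restriction" or "deny all", and whether the regex lists are unioned with the literal lists. Because these lists are the operator's only knob for restricting outbound requests to user-supplied servers, the section `<summary>` should state the precedence in one sentence, e.g. `/// Blacklist entries take precedence over whitelist entries; an empty whitelist imposes no restriction.`, worded to match whatever the consumer actually does. It is also worth a `<remarks>` line noting that `AllowLocation = false` on line 568 exists so a `<location>` element cannot relax these limits for a sub-path.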
diff --git a/src/DotNetOpenAuth/DotNetOpenAuth.csproj b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
index 432dad6..8c26a46 100644
--- a/src/DotNetOpenAuth/DotNetOpenAuth.csproj
+++ b/src/DotNetOpenAuth/DotNetOpenAuth.csproj
@@ -49,6 +49,7 @@
<HintPath>..\..\lib\log4net.dll</HintPath>
</Reference>
<Reference Include="System" />
+ <Reference Include="System.configuration" />
<Reference Include="System.Core">
<RequiredTargetFramework>3.5</RequiredTargetFramework>
</Reference>
@@ -63,6 +64,14 @@
</Reference>
</ItemGroup>
<ItemGroup>
+ <Compile Include="Configuration\ProviderSection.cs" />
+ <Compile Include="Configuration\ProviderSecuritySettingsElement.cs" />
+ <Compile Include="Configuration\RelyingPartySection.cs" />
+ <Compile Include="Configuration\RelyingPartySecuritySettingsElement.cs" />
+ <Compile Include="Configuration\TypeConfigurationElement.cs" />
+ <Compile Include="Configuration\UntrustedWebRequestSection.cs" />
+ <Compile Include="Configuration\HostNameOrRegexCollection.cs" />
+ <Compile Include="Configuration\HostNameElement.cs" />
<Compile Include="Messaging\EmptyDictionary.cs" />
<Compile Include="Messaging\EmptyEnumerator.cs" />
<Compile Include="Messaging\EmptyList.cs" />
diff --git a/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs b/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs
index 16f23f9..3ae299e 100644
--- a/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/Provider/ProviderSecuritySettings.cs
@@ -16,21 +16,21 @@ namespace DotNetOpenAuth.OpenId.Provider {
: base(true) {
}
- // This property is a placeholder for a feature that has not been written yet.
- ///// <summary>
- ///// Gets or sets whether OpenID 1.x relying parties that may not be
- ///// protecting their users from replay attacks are protected from
- ///// replay attacks by this provider.
- ///// </summary>
- ///// <remarks>
- ///// <para>Nonces for protection against replay attacks were not mandated
- ///// by OpenID 1.x, which leaves users open to replay attacks.</para>
- ///// <para>This feature works by preventing associations from being formed
- ///// with OpenID 1.x relying parties, thereby forcing them into
- ///// "dumb" mode and verifying every claim with this provider.
- ///// This gives the provider an opportunity to verify its own nonce
- ///// to protect against replay attacks.</para>
- ///// </remarks>
- ////internal bool ProtectDownlevelReplayAttacks { get; set; }
+ /// <summary>
+ /// Gets or sets a value indicating whether OpenID 1.x relying parties that may not be
+ /// protecting their users from replay attacks are protected from
+ /// replay attacks by this provider.
+ /// *** This property is a placeholder for a feature that has not been written yet. ***
+ /// </summary>
+ /// <remarks>
+ /// <para>Nonces for protection against replay attacks were not mandated
+ /// by OpenID 1.x, which leaves users open to replay attacks.</para>
+ /// <para>This feature works by preventing associations from being formed
+ /// with OpenID 1.x relying parties, thereby forcing them into
+ /// "dumb" mode and verifying every claim with this provider.
+ /// This gives the provider an opportunity to verify its own nonce
+ /// to protect against replay attacks.</para>
+ /// </remarks>
+ internal bool ProtectDownlevelReplayAttacks { get; set; }
}
}
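Review bot: `ProtectDownlevelReplayAttacks` on line 724 is now a live settable property whose own summary says the feature is not written yet, and the new ProviderSecuritySettingsElement in this commit copies the `protectDownlevelReplayAttacks` config attribute into it, so an operator can set it to `true` in web.config and get no protection while believing it is on. Until the feature exists, either omit the config attribute or make the setter reject `true`, e.g. `set { if (value) { throw new NotSupportedException("ProtectDownlevelReplayAttacks is not implemented yet."); } this.protectDownlevelReplayAttacks = value; }` with a backing field, so the gap is loud rather than silent. The enclosing class starts outside this hunk.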
diff --git a/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs b/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
index c5b6088..7a3360b 100644
--- a/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/RelyingParty/RelyingPartySecuritySettings.cs
@@ -6,6 +6,7 @@
namespace DotNetOpenAuth.OpenId.RelyingParty {
using System;
+ using DotNetOpenAuth.Messaging;
/// <summary>
/// Security settings that are applicable to relying parties.
diff --git a/src/DotNetOpenAuth/OpenId/SecuritySettings.cs b/src/DotNetOpenAuth/OpenId/SecuritySettings.cs
index d3ff934..7f574ba 100644
--- a/src/DotNetOpenAuth/OpenId/SecuritySettings.cs
+++ b/src/DotNetOpenAuth/OpenId/SecuritySettings.cs
@@ -10,13 +10,19 @@ namespace DotNetOpenAuth.OpenId {
/// </summary>
public class SecuritySettings {
/// <summary>
- /// Initializes static members of the <see cref="SecuritySettings"/> class.
+ /// Gets the default minimum hash bit length.
/// </summary>
- static SecuritySettings() {
- MinimumHashBitLengthDefault = 160;
- MaximumHashBitLengthRPDefault = 256;
- MaximumHashBitLengthOPDefault = 512;
- }
+ internal const int MinimumHashBitLengthDefault = 160;
+
+ /// <summary>
+ /// Gets the maximum hash bit length default for relying parties.
+ /// </summary>
+ internal const int MaximumHashBitLengthRPDefault = 256;
+
+ /// <summary>
+ /// Gets the maximum hash bit length default for providers.
+ /// </summary>
+ internal const int MaximumHashBitLengthOPDefault = 512;
/// <summary>
/// Initializes a new instance of the <see cref="SecuritySettings"/> class.
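Review bot: The three new `const` fields on lines 753-763 keep the `/// Gets the ...` summaries from the properties they replace; for a constant the conventional wording is `/// The default minimum hash bit length, in bits.` and likewise for the other two. Because they are `const`, the values are baked into every referencing assembly at compile time, which is fine inside this assembly but means any friend assembly granted `InternalsVisibleTo` keeps the old number until it is rebuilt; that deserves a `<remarks>` line since these are security floors. The summaries could also say what the numbers correspond to (160 presumably being the HMAC-SHA1 association digest length, 256 and 512 the SHA-256 and SHA-512 ones) so a future change can be judged against the algorithms it admits. The enclosing class continues outside the hunk.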
@@ -55,21 +61,6 @@ namespace DotNetOpenAuth.OpenId {
public int MaximumHashBitLength { get; set; }
/// <summary>
- /// Gets the default minimum hash bit length.
- /// </summary>
- internal static int MinimumHashBitLengthDefault { get; private set; }
-
- /// <summary>
- /// Gets the maximum hash bit length default for relying parties.
- /// </summary>
- internal static int MaximumHashBitLengthRPDefault { get; private set; }
-
- /// <summary>
- /// Gets the maximum hash bit length default for providers.
- /// </summary>
- internal static int MaximumHashBitLengthOPDefault { get; private set; }
-
- /// <summary>
/// Determines whether a named association fits the security requirements.
/// </summary>
/// <param name="protocol">The protocol carrying the association.</param>